A Review of International Standards for Resilience
"A resilient organization is one that is able to achieve its core objectives in the face of adversity."
So how do you know if your organization is resilient? How do you measure the resilience of your organization? Can the resiliency of an organization be certified?
At this time there is no International Standard for Organizational Resilience, but there are many individual standards that together could be used to measure the resilience of an organization.
The focus of the March ICORrespondence Newsletter is to review various International Standards and Guidelines that are either in place or under development in the disciplines that support organizational resilience.
In addition, we have included an update on the work being done by The International Center for Enterprise Preparedness (InterCEP) of New York University to support the implementation of US Public Law 110-53, Title IX.
Get advice from our Legal, Compliance, & Audit Discipline Chairperson, Donald Byrne, on Preparing for the Audit Process.
Community Resilience & Preparedness Standards and Guidelines
Societal Security - Guideline for Incident Preparedness and Operational Continuity Management: ISO/PAS 22399:2007
ISO/PAS 22399:2007 provides general guidance for an organization (private, governmental, or nongovernmental) to develop its own specific performance criteria for incident preparedness and operational continuity, and to design an appropriate management system.
It provides a basis for understanding, developing, and implementing continuity of operations and services within an organization, and for providing confidence in business, community, customer, first responder, and organizational interactions. It also enables the organization to measure its resilience in a consistent and recognized manner.
ISO/PAS 22399:2007, however, excludes specific emergency response activities following an incident, such as disaster relief and social infrastructure recovery, that are primarily to be performed by the public sector in accordance with relevant legislation. It is important, however, that coordination with these activities be maintained and documented. It establishes a single globally recognized benchmark for public and private sector preparedness and continuity management.
Characteristics of a Disaster-Resilient Community: A Guidance Note for Governments and Civil Society Organizations
The guidance note shows what a disaster-resilient community might consist of, by setting out the many different elements of resilience. It also provides some ideas about how to progress towards resilience. It can be used at different stages of project cycle management, particularly in planning and assessment, and monitoring and evaluation. It can also be linked to other tools used in Disaster Risk Reduction (DRR) projects and research (e.g. vulnerability and capacity analysis). The guidance note is designed to support processes of community mobilisation and partnership for DRR, but the findings of reviews and assessments carried out using the note may also have some value in advocacy work at local and higher levels. To find out more, go to http://www.proventionconsortium.org/?pageid=90
Business Continuity, Crisis Management & Emergency Management Standards and Guidelines
Several organizations from different countries have developed guidelines and standards focusing on business continuity, crisis management, and emergency management.
BCI's Good Practice Guidelines
The Good Practice Guidelines and the pocket guide follow the BCM Lifecycle described in BS 25999 part 1. BS 25999 part 1 establishes the process, principles, and terminology of BCM. Part 2 concerns setting up and managing an effective BCM System. Go to www.bs25999.com to find out more.
ASIS International Proposed Standard
ASIS International has embarked on a development programme to create a business continuity management standard that would be approved by ANSI, arguing that there is a compelling need in North America for a standard that can be audited and takes a holistic view. BSi has announced that it will be partnering with ASIS International, and the resulting standard will be based on BS25999. Other participants are DRII, ACP, BCI, ICOR and the Continuity Forum. The scope of the proposed standard is quite wide and encompasses crisis management and IT continuity. Go to http://www.asisonline.org/guidelines/inprogress_published.htm to find out more.
NFPA 1600
This standard provides disaster and emergency management and business continuity programs with the criteria to assess current programs or to develop, implement, and maintain aspects for prevention, mitigation, preparation, response, and recovery from emergencies.
Z1600 - Emergency Management and Business Continuity Programs
This Canadian Standard provides an effective benchmark that allows organizations to evaluate and/or initiate their Emergency Management and Business Continuity Programs. It provides a focus and common platform for EM/BCP programming and serves as a model for any organization or institution, private or public.
SS540
A Singapore Standard published January 2009 that establishes the framework for organizations to analyse and implement strategies, processes and procedures. The standard emphasises resilience and the protection of critical assets: human, environment, intangible and physical. It focuses on continuity management and recovery of critical business functions so as to make it applicable to small and large organizations.
SS507 - ISO/IEC 27031
A Singapore Standard that provides a basis to certify and differentiate BC/DR service providers, helps end-user organisations select the best-fit service providers, and provides quality assurance. It also establishes industry best practices to mitigate outsourcing risks. Singapore was the first country in the world to introduce a Standard and Certification programme for BC/DR service providers.
Japanese Ministry of Economy, Trade & Industry BCP Guidelines
The Japanese METI publishes a set of guidelines covering both business continuity and IT service continuity. The Japanese cabinet office also produces BCP guidelines. For more information go to http://www.meti.go.jp/english/press/data/nBackIssue20080903_01.html (the guidelines are only available in Japanese).
Emergency Management Accreditation Standard: A Framework for Assessing Regional Preparedness
EMAP is a standard-based voluntary assessment and accreditation process for state/territorial, regional, tribal, and local government emergency management programs. For more information go to www.emaponline.org.
Information Management & Security: Guidelines and Standards
BS25777:2008 ICT Continuity Management
BS25777 gives recommendations for information and communications technology (ICT) continuity management within the overall framework of business continuity management provided by BS25999. It is the bridge between general business continuity management and information technology, making BS25999 relevant to information and communications technology. It will help you and your organisation understand the threats to, and vulnerabilities of, ICT services, enabling you to ensure your organisation is guarded against such threats and vulnerabilities. For more information go to http://www.itgovernance.co.uk/products/2139.
ISO/IEC 27002:2005 can be used by any organization that needs to establish a comprehensive information security management program or improve its current information security practices. According to the official title page, ISO/IEC 27002 is a "code of practice for information security management". ISO/IEC recommends that you consider each of these practices as you establish or improve your organization's information security management program. For more information go to www.iso-17999.com, www.27000.org and http://www.praxiom.com/iso-17799-intro.htm.
TIA-942 Data Center Standard
TIA-942 is a standard developed by the Telecommunications Industry Association (TIA) to define guidelines for planning and building data centers, particularly with regard to cabling systems and network design.
National Institute of Standards and Technology - NIST 800 Series
Special Publications in the 800 series present documents of general interest to the computer security community. The Special Publication 800 series was established in 1990 to provide a separate identity for information technology security publications. The series reports on ITL's research, guidelines, and outreach efforts in computer security, and its collaborative activities with industry, government, and academic organizations. To read the series go to www.nist.gov.
Information Security Forum - The Standard of Good Practice for Information Security addresses information security from a business perspective, providing a practical basis for assessing an organization's information security arrangements. To download the standard you need to register at www.isfstandard.com.
The International Consortium for Organizational Resilience (ICOR) was founded to respond to the growing market need for a single avenue of access to the many offerings of education and credentialing expertise that is easily accessible and usable worldwide.
We are a not-for-profit education and credentialing organization that provides professional development, certification, thought-leadership, and the latest in research and industry trends.
ICOR provides the solution to organizational resilience - throughout the world.
Sincerely,
Lynnda Nelson, President The International Consortium for Organizational Resilience